Perform the following procedure to install the Splunk Forwarder on the Carbon Black App Control Server.

The Splunk Universal Forwarder is a package that can be installed on systems so that Splunk can collect data from them, for example from log files. In this case, when the Forwarder and Splunk App for Carbon Black App Control are installed, the Forwarder collects data from the Carbon Black App Control export folder and directs it to the correct location in the Splunk infrastructure.

Caution: During the Splunk Universal Forwarder installation process, do not enter the location of the data files on the Carbon Black App Control Server when prompted. The location of these files is provided by the Splunk App for Carbon Black App Control.

Prerequisites

Before you perform this procedure, install the Splunk App for Carbon Black App Control on the Splunk Server. See Install the Splunk App for Carbon Black App Control on the Splunk Server.

Procedure

  1. Download the forwarder from the Splunk website: http://www.splunk.com/download/universalforwarder.
  2. Run the appropriate installer for your operating system on the Carbon Black App Control Server.
  3. Provide the address of your Splunk Server when prompted.

What to do next

The next step is to: Install the Splunk App on the Carbon Black App Control Server.